Lucene search

[email protected]NVD:CVE-2012-4414

HistoryJan 22, 2013 - 11:55 p.m.

CVE-2012-4414

2013-01-2223:55:02

CWE-89

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Affected configurations

NVD

Node

oraclemysqlRange≤5.5.28

oraclemysqlMatch5.1.51

oraclemysqlMatch5.1.52

oraclemysqlMatch5.1.52sp1

oraclemysqlMatch5.1.53

oraclemysqlMatch5.1.54

oraclemysqlMatch5.1.55

oraclemysqlMatch5.1.56

oraclemysqlMatch5.1.57

oraclemysqlMatch5.1.58

oraclemysqlMatch5.1.59

oraclemysqlMatch5.1.60

oraclemysqlMatch5.1.61

oraclemysqlMatch5.1.62

oraclemysqlMatch5.1.63

oraclemysqlMatch5.1.64

oraclemysqlMatch5.1.65

oraclemysqlMatch5.1.66

oraclemysqlMatch5.1.67

oraclemysqlMatch5.5.10

oraclemysqlMatch5.5.11

oraclemysqlMatch5.5.12

oraclemysqlMatch5.5.13

oraclemysqlMatch5.5.14

oraclemysqlMatch5.5.15

oraclemysqlMatch5.5.16

oraclemysqlMatch5.5.17

oraclemysqlMatch5.5.18

oraclemysqlMatch5.5.19

oraclemysqlMatch5.5.20

oraclemysqlMatch5.5.21

oraclemysqlMatch5.5.22

oraclemysqlMatch5.5.23

oraclemysqlMatch5.5.24

oraclemysqlMatch5.5.25

oraclemysqlMatch5.5.25a

oraclemysqlMatch5.5.26

oraclemysqlMatch5.5.27

Node

mariadbmariadbMatch5.1.41

mariadbmariadbMatch5.1.42

mariadbmariadbMatch5.1.44

mariadbmariadbMatch5.1.47

mariadbmariadbMatch5.1.49

mariadbmariadbMatch5.1.50

mariadbmariadbMatch5.1.51

mariadbmariadbMatch5.1.53

mariadbmariadbMatch5.1.55

mariadbmariadbMatch5.1.60

mariadbmariadbMatch5.1.61

mariadbmariadbMatch5.1.62

Node

mariadbmariadbMatch5.2.0

mariadbmariadbMatch5.2.1

mariadbmariadbMatch5.2.2

mariadbmariadbMatch5.2.3

mariadbmariadbMatch5.2.4

mariadbmariadbMatch5.2.5

mariadbmariadbMatch5.2.6

mariadbmariadbMatch5.2.7

mariadbmariadbMatch5.2.8

mariadbmariadbMatch5.2.9

mariadbmariadbMatch5.2.10

mariadbmariadbMatch5.2.11

mariadbmariadbMatch5.2.12

Node

mariadbmariadbMatch5.3.0

mariadbmariadbMatch5.3.1

mariadbmariadbMatch5.3.2

mariadbmariadbMatch5.3.3

mariadbmariadbMatch5.3.4

mariadbmariadbMatch5.3.5

mariadbmariadbMatch5.3.6

mariadbmariadbMatch5.3.7

Node

mariadbmariadbMatch5.5.20

mariadbmariadbMatch5.5.21

mariadbmariadbMatch5.5.22

mariadbmariadbMatch5.5.23

mariadbmariadbMatch5.5.24

mariadbmariadbMatch5.5.25

References

bugs.mysql.com/bug.php?id=66550

lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html

www.mandriva.com/security/advisories?name=MDVSA-2013:102

www.mandriva.com/security/advisories?name=MDVSA-2013:150

www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/

www.openwall.com/lists/oss-security/2012/09/11/4

www.securityfocus.com/bid/55498

bugzilla.redhat.com/show_bug.cgi?id=852144

mariadb.atlassian.net/browse/MDEV-382

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for NVD:CVE-2012-4414

prion1 mariadbunix1 cvelist1 cve1 nessus13 ubuntucve1 suse4 openvas7 freebsd1 oracle1